Guest Post by Mark Nestmann
You have to admit that the US government has a pretty dismal record when it comes to computer security.
In just the last year, the Office of Personnel Management (OPM) revealed that hackers had stolen the personal information of more than 20 million current and former federal government applicants and employees. The stolen data included more than six million fingerprints – considered the “gold standard” for proof of identity.
If that wasn’t enough, the IRS acknowledged it also had suffered a massive data breach, with hackers stealing information of more than 300,000 taxpayers to claim more than $50 million in bogus refunds. And just a few months later, the IRS admitted that the system it used to identify taxpayers electronically had itself been hacked!
While I don’t consider myself an expert on computer security, I can tell you the steps I would take if an organization I ran suffered breaches of this magnitude. The first thing I would do is pull the plug. Take the systems offline – completely – until the vulnerabilities were isolated, repaired, and then tested under a variety of attack scenarios.
The second thing I would do is encrypt everything on both the infected and non-infected networks. And by “everything,” I mean exactly what that word indicates.
With encryption software, no one but you and your intended recipient can read your email messages, text messages, instant messages, etc. You can even encrypt your entire hard disk to protect everything on your PC from prying eyes. If hackers managed to penetrate your network, all they’d see is unintelligible gibberish.
For instance, here’s a link to a message I just wrote to myself in an encrypted format. Can you tell me what it says?
Give up? The message is simply, “Encryption works.”